dependabot-pre_commit 0.363.0 → 0.364.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 992ba7269128211c8ce88fa7074245571db4980d9f2f9cee55b9dc90cbcc8c72
-  data.tar.gz: 8879531e1850590a92fc0966ff189a8578c161460510eb6ab3988d3c7f3f7158
+  metadata.gz: d1bd3f81f06b4e86d4139cf07b731129092edf1f86f4febc799cefb7d67fd03e
+  data.tar.gz: 1fa2859dd9dafc4b09ab7718de4b59d2cff583c5991c5439644b40fb2c4a88c8
 SHA512:
-  metadata.gz: 5cafdaa259570be35235bc3f15fa47cd04a9adf85871f726b36043a6d5afb4388154c1d8819db13a705dd63d84fba4a196f4a4541d5357f8360f0596e39d3b6a
-  data.tar.gz: d073171bc7aecd0fe94f661a06be98d340ad454d7ae6a66cec9567ce00f39d4c4187ca422d28004a453630b5d6f64173f97ed04e915c4dcebfd28e8d9688f510
+  metadata.gz: e3c7c74f6e6565ca5ecf32734d4a9d7af200e8acaabec1856abb839815b5d26360375c915104a7b4c484abf0333e68685029ad5b793ab43da0179893f5088507
+  data.tar.gz: e1f3f69285a2cf37e1072ae5216693f51d764c48ef2de33dda2d669943900e41f085e4ec6a8529f761a11fedb58a2c82867a2ef9ab67fdb2b80c47942931203e

data/lib/dependabot/pre_commit/file_fetcher.rb

@@ -25,13 +25,6 @@ module Dependabot
 
       sig { override.returns(T::Array[DependencyFile]) }
       def fetch_files
-        unless allow_beta_ecosystems?
-          raise Dependabot::DependencyFileNotFound.new(
-            nil,
-            "PreCommit support is currently in beta. Set ALLOW_BETA_ECOSYSTEMS=true to enable it."
-          )
-        end
-
         fetched_files = []
         fetched_files << pre_commit_config
 

data/lib/dependabot/pre_commit/file_parser/hook_language_fetcher.rb

@@ -0,0 +1,181 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "yaml"
+require "base64"
+require "sorbet-runtime"
+require "dependabot/clients/github_with_retries"
+require "dependabot/shared_helpers"
+require "dependabot/source"
+
+require "dependabot/pre_commit/file_parser"
+
+module Dependabot
+  module PreCommit
+    class FileParser < Dependabot::FileParsers::Base
+      # Fetches hook language information from the source repository's
+      # .pre-commit-hooks.yaml file. This is needed because the language field
+      # is typically defined in the hook repo, not in the consumer's
+      # .pre-commit-config.yaml file.
+      class HookLanguageFetcher
+        extend T::Sig
+
+        HOOKS_FILE = ".pre-commit-hooks.yaml"
+
+        sig do
+          params(
+            credentials: T::Array[Dependabot::Credential]
+          ).void
+        end
+        def initialize(credentials:)
+          @credentials = credentials
+          @hooks_cache = T.let({}, T::Hash[String, T.nilable(T::Array[T::Hash[String, T.untyped]])])
+        end
+
+        # Fetches the language for a specific hook from the hook source repository.
+        #
+        # @param repo_url [String] The URL of the hook repository (e.g., "https://github.com/psf/black")
+        # @param revision [String] The revision (tag, SHA, branch) to fetch from
+        # @param hook_id [String] The hook ID to look up (e.g., "black")
+        # @return [String, nil] The language for the hook, or nil if not found
+        sig do
+          params(
+            repo_url: String,
+            revision: String,
+            hook_id: String
+          ).returns(T.nilable(String))
+        end
+        def fetch_language(repo_url:, revision:, hook_id:)
+          hooks = fetch_hooks_from_repo(repo_url, revision)
+          return nil unless hooks
+
+          hook = hooks.find { |h| h["id"] == hook_id }
+          return nil unless hook
+
+          T.cast(hook["language"], T.nilable(String))
+        end
+
+        private
+
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+
+        sig do
+          params(
+            repo_url: String,
+            revision: String
+          ).returns(T.nilable(T::Array[T::Hash[String, T.untyped]]))
+        end
+        def fetch_hooks_from_repo(repo_url, revision)
+          cache_key = "#{repo_url}@#{revision}"
+          return @hooks_cache[cache_key] if @hooks_cache.key?(cache_key)
+
+          hooks = fetch_hooks_internal(repo_url, revision)
+          @hooks_cache[cache_key] = hooks
+          hooks
+        end
+
+        sig do
+          params(
+            repo_url: String,
+            revision: String
+          ).returns(T.nilable(T::Array[T::Hash[String, T.untyped]]))
+        end
+        def fetch_hooks_internal(repo_url, revision)
+          source = Source.from_url(repo_url)
+          return fetch_via_git_clone(repo_url, revision) unless source
+          return fetch_via_git_clone(repo_url, revision) unless source.provider == "github"
+
+          fetch_from_github(source, revision)
+        rescue StandardError => e
+          Dependabot.logger.debug("Failed to fetch hooks from #{repo_url}@#{revision}: #{e.message}")
+          nil
+        end
+
+        sig do
+          params(
+            source: Dependabot::Source,
+            revision: String
+          ).returns(T.nilable(T::Array[T::Hash[String, T.untyped]]))
+        end
+        def fetch_from_github(source, revision)
+          response = github_client.send(
+            :contents,
+            source.repo,
+            path: HOOKS_FILE,
+            ref: revision
+          )
+          return nil unless response
+
+          content = Base64.decode64(response.content)
+          parse_hooks_yaml(content)
+        rescue Octokit::NotFound
+          Dependabot.logger.debug("#{HOOKS_FILE} not found in #{source.repo}@#{revision}")
+          nil
+        rescue StandardError => e
+          Dependabot.logger.debug("Error fetching from GitHub: #{e.message}")
+          fetch_via_git_clone("https://github.com/#{source.repo}", revision)
+        end
+
+        sig do
+          params(
+            repo_url: String,
+            revision: String
+          ).returns(T.nilable(T::Array[T::Hash[String, T.untyped]]))
+        end
+        def fetch_via_git_clone(repo_url, revision)
+          source = Source.from_url(repo_url)
+          return nil unless source
+
+          SharedHelpers.in_a_temporary_directory(File.dirname(source.repo)) do |temp_dir|
+            repo_contents_path = File.join(temp_dir, File.basename(source.repo))
+
+            SharedHelpers.run_shell_command(
+              "git clone --no-checkout --depth 1 #{repo_url} #{repo_contents_path}",
+              fingerprint: "git clone --no-checkout --depth 1 <url> <path>"
+            )
+
+            Dir.chdir(repo_contents_path) do
+              # Fetch the specific revision and checkout the hooks file
+              SharedHelpers.run_shell_command(
+                "git fetch --depth 1 origin #{revision}",
+                fingerprint: "git fetch --depth 1 origin <revision>"
+              )
+              SharedHelpers.run_shell_command(
+                "git checkout FETCH_HEAD -- #{HOOKS_FILE}",
+                fingerprint: "git checkout FETCH_HEAD -- <file>"
+              )
+
+              return nil unless File.exist?(HOOKS_FILE)
+
+              content = File.read(HOOKS_FILE)
+              parse_hooks_yaml(content)
+            end
+          end
+        rescue StandardError => e
+          Dependabot.logger.debug("Failed to clone and fetch hooks: #{e.message}")
+          nil
+        end
+
+        sig { params(content: String).returns(T.nilable(T::Array[T::Hash[String, T.untyped]])) }
+        def parse_hooks_yaml(content)
+          yaml = YAML.safe_load(content, aliases: true)
+          return nil unless yaml.is_a?(Array)
+
+          yaml.grep(Hash)
+        rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias => e
+          Dependabot.logger.debug("Failed to parse hooks YAML: #{e.message}")
+          nil
+        end
+
+        sig { returns(Dependabot::Clients::GithubWithRetries) }
+        def github_client
+          @github_client ||= T.let(
+            Dependabot::Clients::GithubWithRetries.for_github_dot_com(credentials: credentials),
+            T.nilable(Dependabot::Clients::GithubWithRetries)
+          )
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/pre_commit/file_parser.rb

@@ -23,6 +23,7 @@ module Dependabot
       extend T::Sig
 
       require "dependabot/file_parsers/base/dependency_set"
+      require_relative "file_parser/hook_language_fetcher"
 
       CONFIG_FILE_PATTERN = /\.pre-commit(-config)?\.ya?ml$/i
       ECOSYSTEM = "pre_commit"
@@ -134,6 +135,7 @@ module Dependabot
       def parse_additional_dependencies(repo, file)
         dependencies = []
         repo_url = repo["repo"]
+        revision = repo["rev"]
 
         return dependencies if repo_url.nil? || %w(local meta).include?(repo_url)
 
@@ -141,7 +143,7 @@ module Dependabot
         hooks.each do |hook|
           next unless hook.is_a?(Hash)
 
-          hook_deps = parse_hook_additional_dependencies(hook, repo_url, file)
+          hook_deps = parse_hook_additional_dependencies(hook, repo_url, revision, file)
           dependencies.concat(hook_deps)
         end
 
@@ -152,18 +154,24 @@ module Dependabot
         params(
           hook: T::Hash[String, T.untyped],
           repo_url: String,
+          revision: T.nilable(String),
           file: Dependabot::DependencyFile
         ).returns(T::Array[Dependabot::Dependency])
       end
-      def parse_hook_additional_dependencies(hook, repo_url, file)
+      def parse_hook_additional_dependencies(hook, repo_url, revision, file)
         dependencies = []
+        hook_id = hook["id"]
 
-        return dependencies unless hook["id"]
+        return dependencies unless hook_id
 
         additional_deps = hook.fetch("additional_dependencies", [])
         return dependencies if additional_deps.empty?
 
-        parser = LANGUAGE_PARSERS[hook["language"]]
+        # Get language from local config first, then try fetching from hook source repo
+        language = resolve_hook_language(hook, repo_url, revision, hook_id)
+        return dependencies unless language
+
+        parser = LANGUAGE_PARSERS[language]
         return dependencies unless parser
 
         additional_deps.each do |dep_string|
@@ -181,10 +189,10 @@ module Dependabot
               file: file.name,
               source: {
                 type: "additional_dependency",
-                language: hook["language"],
+                language: language,
                 package_name: parsed[:normalised_name],
                 original_name: parsed[:name],
-                hook_id: hook["id"],
+                hook_id: hook_id,
                 hook_repo: repo_url,
                 extras: parsed[:extras],
                 original_string: dep_string
@@ -197,6 +205,37 @@ module Dependabot
         dependencies
       end
 
+      sig do
+        params(
+          hook: T::Hash[String, T.untyped],
+          repo_url: String,
+          revision: T.nilable(String),
+          hook_id: String
+        ).returns(T.nilable(String))
+      end
+      def resolve_hook_language(hook, repo_url, revision, hook_id)
+        # Use local language if explicitly specified
+        local_language = hook["language"]
+        return local_language if local_language
+
+        # Otherwise fetch from the hook source repository
+        return nil unless revision
+
+        hook_language_fetcher.fetch_language(
+          repo_url: repo_url,
+          revision: revision,
+          hook_id: hook_id
+        )
+      end
+
+      sig { returns(HookLanguageFetcher) }
+      def hook_language_fetcher
+        @hook_language_fetcher ||= T.let(
+          HookLanguageFetcher.new(credentials: credentials),
+          T.nilable(HookLanguageFetcher)
+        )
+      end
+
       sig do
         params(
           file: Dependabot::DependencyFile,

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-pre_commit
 version: !ruby/object:Gem::Version
-  version: 0.363.0
+  version: 0.364.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,84 +15,84 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
 - !ruby/object:Gem::Dependency
   name: dependabot-cargo
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
 - !ruby/object:Gem::Dependency
   name: dependabot-common
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
 - !ruby/object:Gem::Dependency
   name: dependabot-go_modules
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
 - !ruby/object:Gem::Dependency
   name: dependabot-npm_and_yarn
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
 - !ruby/object:Gem::Dependency
   name: dependabot-python
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.363.0
+        version: 0.364.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -323,6 +323,7 @@ files:
 - lib/dependabot/pre_commit/comment_version_helper.rb
 - lib/dependabot/pre_commit/file_fetcher.rb
 - lib/dependabot/pre_commit/file_parser.rb
+- lib/dependabot/pre_commit/file_parser/hook_language_fetcher.rb
 - lib/dependabot/pre_commit/file_updater.rb
 - lib/dependabot/pre_commit/helpers.rb
 - lib/dependabot/pre_commit/metadata_finder.rb
@@ -337,7 +338,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.363.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.364.0
 rdoc_options: []
 require_paths:
 - lib